Cryptography is a security mechanism for protecting information from unintended disclosure by transforming the information into a form that is unreadable to humans, and unreadable to machines that are not specially adapted to reversing the transformation back to the original information content. The cryptographic transformation can be performed on data that is to be transmitted electronically, such as an electronic mail message, and is equally useful for data that is to be securely stored, such as the account records for customers of a bank or credit company.
The transformation process performed on the original data is referred to as “encryption”. The process of reversing the transformation, to restore the original data, is referred to as “decryption”. The terms “encipher” and “decipher” are also used to describe these processes, respectively. A mechanism that can both encipher and decipher is referred to as a “cipher”.
Mathematical algorithms are used to describe the functioning of ciphers. The goal of a cipher is to be computationally infeasible to “break”-that is, it must be nearly impossible to “guess” or derive the original data content from any series of computations that can be performed on the transformed data, absent knowledge of how the encryption was accomplished. Use of a “key” during the encryption and decryption processes helps make the cipher more difficult to break. A key is a randomly-generated number factored into operation of the encryption to make the result dependent on the key. The value used for the key in effect “personalizes” the algorithm, so that the same algorithm used on the same input data produces a different output for each different key value. When the value of this key is unknown to the unauthorized persons, they will not be able to duplicate or to reverse the encryption. Provided that the key is kept secret, the algorithm that performs the ciphering can be made public. The key will be known to the parties intended to encrypt and decrypt the data: they can use the key to “lock” and “unlock” the data contents, whereas unauthorized persons cannot. When the same key is used for encrypting and for decrypting, the key is referred to as being “symmetric”.
A cipher to be used in a computer system can be implemented in hardware, in software, or in a combination of hardware and software. A commonly used cipher is known as the Data Encryption Algorithm (“DEA”). A variant of the DES algorithm, known as “Triple DES”, was developed to increase the strength of the result over that available with DES. Triple DES uses several rounds of ciphering, with different keys for each of the rounds.
One way to make a cipher stronger is to increase the number of rounds of ciphering performed because with each successive transformation, the resulting encryption becomes more difficult to break. It will be appreciated that the computations involved to cipher data are quite complex, and that while performing more rounds of ciphering increases the strength of the result, it also causes computation time to increase.
Because hardware-based encryption systems are typically much faster than software based encryption systems, hardware based systems are preferable, especially for dedicated ciphering operations. A hardware implementation may be a semiconductor chip, such as a DES chip implementing a complete DEA function, or in firmware in a dedicated processor. Hardware implementations usually require specialized off-the-shelf chips or custom ASICs (Application Specific Integrated Circuits) which implement the complete data encryption process. The processor in which the ASIC device is used loads in a key, sets the mode of operation, and passes the data through the encryption system.
In typical DES implementations, in each round of ciphering, a permuting function (Pf) output is XOR'ed with the left input to generate the output of the cipher round. This is provided to a permuting function element (Ef) in the next round of ciphering. The output of the permuting function (Ef) is XOR'ed with a key output for that round to generate the selection function (S-box) input. As those of skill in the art will appreciate, there are normally two XOR functions (gates) in the critical timing path. To improve ciphering speed, it is therefore highly desirable to reduce the time required for critical path operations, especially when many rounds of ciphering are desired for improved security.
Accordingly, what is needed is an improved method and system for ciphering. What is also needed is a method and system for encrypting and decrypting data blocks in less time that prior methods and systems. What is also needed is method and system for encrypting and decrypting data blocks utilizing less gates in the critical timing path to provide improved ciphering speed.
The exemplification set out herein illustrates a preferred embodiment of the invention in one form thereof, and such exemplification is not intended to be construed as limiting in any manner.